|
Increased Crimeware Usage
SAN JOSE, Calif. -- Finjan Inc. announced that its Finjan SecureBrowsing has uncovered a growing number of specific cases of crimeware toolkits (malicious code software packages) used by criminals. Finjan forecast the increased usage of crimeware toolkits by cybercriminals in its recently published quarterly and monthly reports.
In addition, as recently noted on ZDNet post, Finjan SecureBrowsing successfully alerted users to a
crimeware toolkit used on the compromised Bank of India website, known as the IcePack toolkit.
Finjan SecureBrowsing is a leading browser plug-in that adds safety ratings to URLs of search results, Web 2.0 and other popular websites. Leveraging the same patented real-time content inspection technology as
implemented in Finjan's Secure Web Gateway solutions, Finjan SecureBrowsing identified 10 different types of crimeware toolkits in August alone. These crimeware toolkits are being sold by hackers for only a few hundred dollars, and are being used by criminals on the web today.
August's crimeware toolkit list includes the known MPack, NeoSploit, IcePack, WebAttacker, WebAttacker2 and MultiExploit toolkits, as well as new toolkits such as random.js, vipcrypt, makemelaugh and dycrypt.
Each of these crimeware toolkits is being updated frequently to include recent exploits and new anti-forensic techniques that allow them to bypass and escape detection by traditional signature, reputation and
URL based security products. The dozens of versions for each of the crimeware toolkits provide the basis for hundreds of unique toolkits in use by cybercriminals today.
Finjan SecureBrowsing has also identified dozens of active criminals using these crimeware toolkits. Finjan detected 58 criminals that have used the MPack toolkit to successfully infect over 500,000 unique users in a single month.
Finjan SecureBrowsing alerted users to crimeware found on compromised financial and government sites as well as on many top-ranked portals and Web 2.0 sites.
In addition, Finjan SecureBrowsing identified six active affiliation programs (iframedollar, iframebiz, iframe911, iframestat, Neon, Vera) that typically pay website owners for infecting their visitors with crimeware. Such affiliation programs utilize the "iframe" method described in detail in Finjan's Web Security Trends Report Q2 2007. Each affiliation program has managed to have hundreds of website infecting their visitors for cash.
The prevalence of code obfuscation -- a technique commonly used to bypass traditional signature, reputation and URL based solutions that was predicted in Finjan's Web Security Trends Report Q4 2006 -- is also on a constant rise. An analysis of the Finjan SecureBrowsing data indicates that more than 90% in
the use of code obfuscation to infect end-user PCs with crimeware.
Go Back
|
